samenvatting law and technology (Eva Lievens)

Law and technology
How to study for this course: start form the ppt, this is the study material (structure it)
and then go read the chapter in the book so you know roughly wat’s in there and you
know where to find it.

Right or wrong questions/ Explain why… / Identify legal issue in short articles/ case
questions → for example:

- A secondary school in Ghent observes that more and more students are skipping
school. Because this imposes a high administrative burden on the staff, the
principal plans to introduce a new access control system that would only allow
students access to the school by scanning their fingerprint. Each morning this
will generate a list of all students that are not present.
- You are contacted by the principal to provide legal advice on the introduction of
such a system. Write a brief legal opinion for the principal with references to the
relevant article(s) in the law.

→ goals off these questions:

o identifying different legal questions / issues
o knowing where to find relevant articles
o applying relevant rules to the case at hand




PART I TECHNOLOGY + ECONOMY + SOCIETY................................................................................. 6

TECHNOLOGICAL CONSIDERATIONS: .........................................................................................................7
ECONOMIC CONSIDERATIONS .................................................................................................................8
SOCIETAL CONSIDERATIONS ...................................................................................................................9

PART VI REGULATING TECHNOLOGY .............................................................................................10

PART II INTERACTION BETWEEN TECHNOLOGY AND LAW ..............................................................12



1

,CHAPTER 5 FREEDOM OF EXPRESSION AND DIGITAL TECHNOLOGIES ................................................................ 14
afdeling 1: LEGAL FRAMEWORK.................................................................................................. 15
OA1: united nations ...................................................................................................................................15
oa2: Council of Europe: .............................................................................................................................16
oa3: European Union .................................................................................................................................18
oa4: Belgium .............................................................................................................................................20
CHAPTER 16 THE LIABILITY OF ONLINE INTERMEDIARIES ............................................................................... 22
Afdeling 1: legal framework ........................................................................................................ 23
Oa1: COUNCIL OF EUROPE .......................................................................................................................23
Oa2: EUROPEAN UNION ...........................................................................................................................24
CHAPTER 6: THE RIGHT TO PRIVACY AND DATA PROTECTION IN A DIGITAL ERA ...................................................... 26
CHAPTER 7 DIGITAL DISCRIMINATION ...................................................................................................... 27
Afdeling 1: introduction .............................................................................................................. 27
Afdeling 2: legal framework ........................................................................................................ 28
OA1: UNITED NATIONS ..............................................................................................................................28
Oa2: COUNCIL OF EUROPE .......................................................................................................................29
Oa3: EUROPEAN UNION ...........................................................................................................................30
oa4: BELGIUM ...........................................................................................................................................31
CHAPTER 8 CHILDREN’S RIGHTS IN THE DIGITAL ENVIRONMENT ...................................................................... 31
Afdeling1: legal framework ......................................................................................................... 32
Oa1: UNITED NATIONS ..............................................................................................................................32
Oa2: EUROPEAN UNION ...........................................................................................................................36
CHAPTER 6: THE RIGHT TO PRIVACY AND DATA PROTECTION IN A DIGITAL ERA ...................................................... 37
Afdeling 1: introduction .............................................................................................................. 37
Afdeling 2: legal framework ........................................................................................................ 40
OA1: United Nations ..................................................................................................................................40
Oa2: Council of Europe .............................................................................................................................41
Oa3: European Union ................................................................................................................................43
Oa4: Belgium ............................................................................................................................................45
Afdeling 3: Focus on GDPR ......................................................................................................... 46
OA1: intro ..................................................................................................................................................46
oa2: Objectives (art. 1 GDPR) .....................................................................................................................48
Oa3: Material scope (art. 2 GDPR) ..............................................................................................................49
Oa4: Territorial scope (art. 3 GDPR) ............................................................................................................50
CHAPTER 9 PERSONAL DATA AND NON-PERSONAL DATA ............................................................................... 50
Afdeling 1: GDPR ....................................................................................................................... 50
Oa1: Personal data ....................................................................................................................................50
Oa2: NON-personal data ...........................................................................................................................53
OA3: anonymous data ...............................................................................................................................54
Oa4: Pseudonymised data .........................................................................................................................54
Oa5: Special categories of personal data or ‘sensitive data’ ........................................................................55
oa6: Biometric data? .................................................................................................................................57
Afdeling 2: Belgium .................................................................................................................... 57
CHAPTER 10 DATA PROTECTION ACTORS .................................................................................................. 58
Afdeling 1: Date subject ............................................................................................................. 59
Afdeling 2: Data controller .......................................................................................................... 59
Afdeling 3: Joint controllers......................................................................................................... 61
Afdeling 4: Data processor ......................................................................................................... 61
Afdeling 5: Sub processor: .......................................................................................................... 62
Afdeling 6: What is important in this relationship between data processor en data controller .......... 62
Afdeling 7: the recipient and third party ....................................................................................... 64
CHAPTER 11. DATA PROTECTION PRINCIPLES ............................................................................................ 64


2

, Afdeling 1: LAWFULNESS (ART. 5.1 & 6 GDPR) ............................................................................. 65
Oa1: Lawfulness: consent (art. 6 (1) a GDPR) .............................................................................................65
1.1. Freely given: ...........................................................................................................................66
1.2. Specific:.................................................................................................................................67
1.3. Informed: ...............................................................................................................................67
1.4. Unambiguous: .......................................................................................................................67
1.5. Consent for processing of children’s data (art. 8) .....................................................................68
OA2: Lawfulness: contract (article 6 (1) b GDPR) ........................................................................................69
Oa3: Lawfulness: legal obligation (article 6 (1) c GDPR) ..............................................................................69
Oa3:Lawfulness: vital interests (article 6 (1) d GDPR) .................................................................................70
Oa4: Lawfulness: public interest (article 6 (1) e GDPR) ...............................................................................70
Oa5: Lawfulness: legitimate interests (art. 6 (1) f GDPR) .............................................................................70
Oa6: examples: .........................................................................................................................................71
Afdeling 2: FAIRNESS (ART. 5.1.A GDPR) ...................................................................................... 72
afdeling 3: TRANSPARENCY (ART. 5.1.A + ART. 12-14 GDPR) ......................................................... 73
Afdeling 4: PURPOSE LIMITATION (ART. 5.1.B GDPR) .................................................................... 73
Afdeling 5: DATA MINIMISATION (ART. 5.1.C GDPR) ...................................................................... 74
Afdeling 6: ACCURACY (ART. 5.1.D GDPR) ................................................................................... 75
Afdeling 7: STORAGE LIMITATION (ART. 5.1.E GDPR) ..................................................................... 76
Afdeling 8: INTEGRITY AND CONFIDENTIALITY (ART. 5.5 GDPR) .................................................... 76
Afdeling 9: DATA PROTECTION BY DESIGN AND BY DEFAULT (ART. 25 GDPR) ................................. 77
CHAPTER 12: DATA SUBJECT RIGHTS ....................................................................................................... 78
Afdeling 1: TRANSPARENCY / INFORMATION ............................................................................... 79
Oa1: Concise & transparent .......................................................................................................................80
Oa2: Intelligible .........................................................................................................................................80
Oa3: Easily accessible form .......................................................................................................................80
oa4: Clear and plain language....................................................................................................................81
Oa5: How do you need to give info? ............................................................................................................82
Afdeling 2: RIGHT OF ACCESS (ART. 15) ....................................................................................... 82
Afdeling 3: RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’) ....................................................... 83
Afdeling 4: RIGHT TO OBJECT (ART. 21) ........................................................................................ 84
Afdeling 5: AUTOMATED INDIVIDUAL DECISION-MAKING............................................................. 85
oa1: Prohibition (Art. 22 (1) GDPR) .............................................................................................................86
Oa2: Exceptions (Art. 22 (2) GDPR).............................................................................................................87
Oa3: Measures (Art. 22 (3) GDPR): .............................................................................................................87
afdeling 6: DATA SUBJECT RIGHTS IN PRACTICE .......................................................................... 88
CHAPTER 13: DATA SUBJECT COMPLIANCE ................................................................................................ 89
Afdeling 1: introduction .............................................................................................................. 90
Oa1: Privacy notice ...................................................................................................................................90
Oa2: Balancing test ...................................................................................................................................92
Oa3: Data breach notification ....................................................................................................................93
Afdeling 2 : Data protection officer .............................................................................................. 96
Oa1: When to appoint a DPO? ...................................................................................................................96
Oa2: Who to appoint as DPO? ...................................................................................................................96
Oa3: What tasks does a DPO perform? ......................................................................................................98
Afdeling 3 : Data processing agreement ....................................................................................... 98
Oa1: Data processing agreement – Article 28.3 GDPR ................................................................................99
Oa2: Joint controllership agreement – Article 26 GDPR ............................................................................. 100
Afdeling 4 : Records of processing activities .............................................................................. 101
Afdeling 5 : DPIA ...................................................................................................................... 102
Afdeling 6 : Spotlight: AI & Data Protection ................................................................................. 105
CHAPTER 14: DATA PROTECTION ENFORCEMENT ...................................................................................... 107



3

, Afdeling 1: Enforcement: Belgium ............................................................................................. 108
Oa1: DPA................................................................................................................................................. 108
OA2 : Data protection enforcement: other options: .................................................................................. 112
Afdeling 2: ENFORCEMENT: EUROPEAN UNION ........................................................................ 114
CHAPTER 20: COOKIES AND SIMILAR TRACKING TECHNOLOGIES .................................................... 117
Afdeling 1: introduction ............................................................................................................ 117
Afdeling 2: THE COOKIE RULE: ................................................................................................. 119
Afdeling 3: PRACTICAL IMPLEMENTATION ................................................................................. 120
CHAPTER 15. THE REGULATION OF ELECTRONIC COMMERCE AND DIGITAL SERVICES .......................................... 122
afdeling 1: The Digital Markets Act............................................................................................. 124
OA1: Gatekeeper? ................................................................................................................................... 124
OA2: cases: ............................................................................................................................................. 125
afdeling 2: The Digital Services Act ............................................................................................ 126
oa1: Intro ................................................................................................................................................ 126
OA 2: Material scope ............................................................................................................................... 127
§1. VLOPs and VLOSEs: ...................................................................................................................... 129
OA 3: Territorial scope ............................................................................................................................. 130
OA 4: Due diligence obligations ............................................................................................................... 131
§1. Content moderation ...................................................................................................................... 132
1.1 Article 14 Terms and conditions ....................................................................................... 133
1.2. Notice-and-action mechanisms ...................................................................................... 134
1.3. Trusted flaggers (Article 22 ) ............................................................................................. 136
1.4. Transparency reporting (Article 15 (1)) .............................................................................. 137
§2. Protection of MINORS (Article 28) .................................................................................................. 137
§3. Recommender systems (Article 27) ............................................................................................... 139
§4. VLOPs / VLOSEs ............................................................................................................................ 140
OA5: Digital Services Act: Practical implementation ................................................................................. 143
A. Basic information ........................................................................................................................... 144
1) Governance of supervising digital services ............................................................................ 144
B. Enforcement vis-à-vis VLOPSEs ...................................................................................................... 149
1. Risk management ...................................................................................................................... 149
2. The Commission’s Investigatory powers ..................................................................................... 150
3. Non-compliance decision / fine .................................................................................................. 151
C. Politics and law .............................................................................................................................. 152
CHAPTER 17. CONSUMER PROTECTION IN THE ONLINE ENVIRONMENT ........................................................... 153
afdeling 1: Spotlight: dark patterns ............................................................................................ 154
OA1: definition ........................................................................................................................................ 154
OA2: consumer agenda by EU commission (2020).................................................................................... 156
0A3: legal framework ............................................................................................................................... 157
§1. Unfair Commercial Practices Directive (UCPD) .............................................................................. 157
§2. Data protection framework ............................................................................................................ 159
§3. DSA .............................................................................................................................................. 162
§4. Artificial Intelligence Act ................................................................................................................ 163
§5. Conclusion legal framework .......................................................................................................... 164
CHAPTER 18. THE REGULATION OF DATA-RELATED PRODUCTS AND SERVICES ................................................... 166
Afdeling 1: Data intermediation services ................................................................................... 166
Oa1: Definition: ....................................................................................................................................... 166
Oa2: Obligations: .................................................................................................................................... 168
Afdeling 2: Data altruism services ............................................................................................. 168
Afdeling 3: Connected products and related services ................................................................. 169
Afdeling 3: Data processing services ......................................................................................... 172
Afdeling 4: examples ................................................................................................................ 174
CHAPTER 21. ONLINE ADVERTISING ...................................................................................................... 175



4